Here is the official presidential directive and a fact sheet on the details of the new policy

President Barack Obama today issued new directions for the government's intelligence to follow. Among the items released today were an official Presidential Directive and a fact sheet on the details of the new policy. Here are full versions of both.

In the latter half of 2013 and early 2014, the United States government undertook a broad-ranging and unprecedented review of our signals intelligence programs, led by the White House with relevant departments and agencies across the government. In addition to our own intensive work, the review process drew on input from key stakeholders, including Congress, the tech community, civil society, foreign partners, the Review Group on Intelligence and Communication Technologies, the Privacy and Civil Liberties Oversight Board, and others. The administration's review examined how, in light of new and changing technologies, we can use our intelligence capabilities in a way that optimally protects our national security while supporting our foreign policy, respecting privacy and civil liberties, maintaining the public trust, and reducing the risk of unauthorized disclosures. On January 17, 2014, the president delivered a speech at the Department of Justice to announce the outcomes of this review process.

In that speech, the president made clear that the men and women of the U.S. intelligence community, including the NSA, consistently follow those protocols designed to protect the privacy of ordinary people and are not abusing authorities. When mistakes have been made, they have corrected those mistakes. But for our intelligence community to be effective over the long haul, we must maintain the trust of the American people, and people around the world. To that end, the administration has developed a path forward that we believe should give the American people greater confidence that their rights are being protected, while preserving important tools that keep us safe, and that addresses significant questions that have been raised overseas. Today the president announced the Administration's adoption of a series of concrete and substantial reforms that the administration will adopt administratively or seek to codify with Congress, to include a majority of the recommendations made by the Review Group.

Fact sheet: Review of U.S. signals intelligence

In the latter half of 2013 and early 2014, the United States government undertook a broad-ranging and unprecedented review of our signals intelligence programs, led by the White House with relevant departments and agencies across the government. In addition to our own intensive work, the review process drew on input from key stakeholders, including Congress, the tech community, civil society, foreign partners, the Review Group on Intelligence and Communication Technologies, the Privacy and Civil Liberties Oversight Board, and others. The administration's review examined how, in light of new and changing technologies, we can use our intelligence capabilities in a way that optimally protects our national security while supporting our foreign policy, respecting privacy and civil liberties, maintaining the public trust, and reducing the risk of unauthorized disclosures. On January 17, 2014, the president delivered a speech at the Department of Justice to announce the outcomes of this review process.

In that speech, the president made clear that the men and women of the U.S. intelligence community, including the NSA, consistently follow those protocols designed to protect the privacy of ordinary people and are not abusing authorities. When mistakes have been made, they have corrected those mistakes. But for our intelligence community to be effective over the long haul, we must maintain the trust of the American people, and people around the world. To that end, the administration has developed a path forward that we believe should give the American people greater confidence that their rights are being protected, while preserving important tools that keep us safe, and that addresses significant questions that have been raised overseas. Today the president announced the administration's adoption of a series of concrete and substantial reforms that the administration will adopt administratively or seek to codify with Congress, to include a majority of the recommendations made by the Review Group.

New presidential policy directive

Today, President Obama issued a new presidential policy directive for our signals intelligence activities, at home and abroad. This directive lays out new principles that govern how we conduct signals intelligence collection, and strengthen how we provide executive branch oversight of our signals intelligence activities. It will ensure that we take into account our security requirements, but also our alliances; our trade and investment relationships, including the concerns of our companies; and our commitment to privacy and basic liberties. And we will review decisions about intelligence priorities and sensitive targets on an annual basis, so that our actions are regularly scrutinized by thepresident's senior national security team.

The Foreign Intelligence Surveillance CourtSince the review began, we've declassified over 40 opinions and orders of the Foreign Intelligence Surveillance Court, which provides judicial review of some of our most sensitive intelligence activities including the Section 702 program targeting foreign individuals overseas and the Section 215 telephone metadata program. Going forward, the president directed the Director of National Intelligence, in consultation with the attorney general, to annually review for the purpose of declassification any future opinions of the court with broad privacy implications, and to report to the president and Congress on these efforts. To ensure that the court hears a broader range of privacy perspectives, the president called on Congress to authorize the establishment of a panel of advocates from outside the government to provide an independent voice in significant cases before the court.

Section 702 of Foreign Intelligence Surveillance ActSection 702 is a valuable program that allows the government to intercept the communications of foreign targets overseas who have information that's important to our national security. The president believes that we can do more to ensure that the civil liberties of U.S. persons are not compromised in this program. To address incidental collection of communications between Americans and foreign citizens, the president has asked the attorney general and DNI [director of national intelligence] to initiate reforms that place additional restrictions on the government's ability to retain, search, and use in criminal cases, communications between Americans and foreign citizens incidentally collected under Section 702.

Section 215 of the Patriot ActUnder Section 215 of the Patriot Act, the government collects metadata related to telephone calls in bulk. We believe this is a capability that we must preserve, and would note that the Review Group turned up no indication that the program had been intentionally abused. But, we believe we must do more to give people confidence. For this reason, the president ordered a transition that will end the Section 215 bulk metadata program as it currently exists, and establish a program that preserves the capabilities we need without the government holding the data.

This transition has two steps. Effective immediately, we will only pursue phone calls that are two steps removed from a number associated with a terrorist organization instead of three. The president has directed the attorney general to work with the Foreign Intelligence Surveillance Court so that during this transition period, the database can be queried only after a judicial finding, or in a true emergency. On the broader question, the president has instructed the intelligence community and the attorney general to use this transition period to develop options for a new program that can match the capabilities and fill the gaps that the Section 215 program was designed to address without the government holding this metadata, and report back to him with options for alternative approaches before the program comes up for reauthorization on March 28. At the same time, the president will consult with the relevant committees in Congress to seek their views, and then seek congressional authorization for the new program as needed.

National security lettersIn investigating threats, the FBI relies on the use of national security letters (NSLs), which can be used to require companies to provide certain types of information to the government without disclosing the orders to the subject of the investigation. In order to be more transparent in how the government uses this authority, the president directed the attorney general to amend how we use NSLs to ensure that nondisclosure is not indefinite, and will terminate within a fixed time unless the government demonstrates a need for further secrecy.

We will also enable communications providers to make public more information than ever before about the orders they have received to provide data to the government. These companies have made clear that they want to be more transparent about the FISA, NSLs, and law-enforcement requests that they receive from the government. The administration agrees that these concerns are important, and is in discussions with the providers about ways in which additional information could be made public.

Increasing confidence overseasU.S. global leadership demands that we balance our security requirements against our need to maintain trust and cooperation among people and leaders around the world. For that reason, the new presidential guidance lays out principles that govern what we do abroad, and clarifies what we don't do. The United States only uses signals intelligence for legitimate national security purposes, and not for the purpose of indiscriminately reviewing the emails or phone calls of ordinary people.

What we don't do: The United States does not collect intelligence to suppress criticism or dissent. We do not collect intelligence to disadvantage people based on their ethnicity, race, gender, sexual orientation, or religion. And we do not collect intelligence to provide a competitive advantage to U.S. companies or U.S. commercial sectors.

What we will do: In terms of our bulk collection, we will only use data to meet specific security requirements: counterintelligence, counterterrorism, counterproliferation, cyber security, force protection for our troops and allies, and combating transnational crime, including sanctions evasion.

The president has also decided that we will take the unprecedented step of extending certain protections that we have for the American people to people overseas. He has directed the attorney general and DNI to develop these safeguards, which will limit the duration that we can hold personal information, while also restricting the dissemination of this information.

People around the world regardless of their nationality should know that the United States is not spying on ordinary people who don't threaten our national security and takes their privacy concerns into account.

This applies to foreign leaders as well. Given the understandable attention that this issue has received, the president has made clear to the intelligence community that unless there is a compelling national security purpose we will not monitor the communications of heads of state and government of our close friends and allies. And he has instructed his national security team, as well as the intelligence community, to work with foreign counterparts to deepen our coordination and cooperation in ways that rebuild trust going forward.

While our intelligence agencies will continue to gather information about the intentions of governments as opposed to ordinary citizens around the world, in the same way that the intelligence services of every other nation do, we will not apologize because our services may be more effective. But heads of state and government with whom we work closely, on whose cooperation we depend, should feel confident that we are treating them as real partners. The changes the president ordered do just that.

International engagementTo support our work, the president has directed changes to how our government is organized. The State Department will designate a senior officer to coordinate our diplomacy on issues related to technology and signals intelligence. The administration will appoint a senior official at the White House to implement the new privacy safeguards that we have announced today. And the president has also asked his counselor, John Podesta, to lead a review of big data and privacy. This group will consist of government officials who -- along with the president's Council of Advisors on Science and Technology -- will reach out to privacy experts, technologists, and business leaders, and look at how the challenges inherent in big data are being confronted by both the public and private sectors, whether we can forge international norms on how to manage this data, and how we can continue to promote the free flow of information in ways that are consistent with both privacy and security.

The president also announced that we will devote resources to centralize and improve the process we use to handle foreign requests for legal assistance, called the Mutual Legal Assistance Treaty (MLAT) process. Under MLAT, foreign partners can request access to information stored in the United States pursuant to U.S. law. As the concentration of U.S.-based cloud storage providers has increased, so has the number of MLAT requests. To address this increase, we will speed up and centralize MLAT processing, we will implement new technology to increase the efficiency and transparency of the process, and we will increase our international outreach and training to help ensure that requests meet U.S. legal standards. We will put the necessary resources in place to reduce our response time by half by the end of 2015, and we will work aggressively to respond to legally sufficient requests in a matter of weeks. This change will ensure that our foreign partners can more effectively use information held in the U.S. to prosecute terrorists and other criminals, while still meeting the strict privacy protections put in place by U.S. law.

In addition to the initiatives that were announced by the president, the administration's review affirmed our commitment to ongoing initiatives:

Consumer privacy codes of conductTwo years ago, the president released a Blueprint for Consumer Privacy in the Digital Age as a "dynamic model of how to offer strong privacy protection and enable ongoing innovation in new information technologies." Following the release of the blueprint, the administration has convened the private sector, privacy experts, and consumer advocates to develop voluntary codes of conduct to safeguard sensitive consumer data. Last summer a multistakeholder group completed the first such code on how mobile apps should access private information. The Department of Commerce is continuing this multistakeholder process, aiming to launch the development of new codes of conduct in 2014.

Commitment to an open InternetMaintaining an open, accessible Internet, including the ability to transmit data across borders freely is essential for global growth and development. We will redouble our commitment to promote the free flow of information around the world through an inclusive approach to Internet governance and policymaking. Individuals in the 21st century depend on free and unfettered access to data flows without arbitrary government regulation. Businesses depend increasingly on agreed data-sharing regimes that allow information to move seamlessly across borders in support of global business operations. Developing countries and small businesses around the world in particular have a lot at stake, and much to lose from limitations restricting the Internet as an engine of prosperity and expression. Requirements to store data or locate hardware in a given location hurt competition, stifle innovation, and diminish economic growth. And they undermine the DNA of the Internet, which by design is a globally distributed network of networks. We will continue to support the multistakeholder, inclusive approach to the Internet and work to strengthen and make more inclusive its policy-making, standards-setting, and governance organizations.

The United States, like other nations, has gathered intelligence throughout its history to ensure that national security and foreign policy decisionmakers have access to timely, accurate, and insightful information.

The collection of signals intelligence is necessary for the United States to advance its national security and foreign policy interests and to protect its citizens and the citizens of its allies and partners from harm. At the same time, signals intelligence activities and the possibility that such activities may be improperly disclosed to the public pose multiple risks. These include risks to our relationships with other nations, including the cooperation we receive from other nations on law enforcement, counterterrorism, and other issues; our commercial, economic, and financial interests, including a potential loss of international trust in U.S. firms and the decreased willingness of other nations to participate in international data sharing, privacy, and regulatory regimes; the credibility of our commitment to an open, interoperable, and secure global Internet; and the protection of intelligence sources and methods.

In addition, our signals intelligence activities must take into account that all persons should be treated with dignity and respect, regardless of their nationality or wherever they might reside, and that all persons have legitimate privacy interests in the handling of their personal information.

In determining why, whether, when, and how the United States conducts signals intelligence activities, we must weigh all of these considerations in a context in which information and communications technologies are constantly changing. The evolution of technology has created a world where communications important to our national security and the communications all of us make as part of our daily lives are transmitted through the same channels. This presents new and diverse opportunities for, and challenges with respect to, the collection of intelligence and especially signals intelligence. The United States intelligence community (IC) has achieved remarkable success in developing enhanced capabilities to perform its signals intelligence mission in this rapidly changing world, and these enhanced capabilities are a major reason we have been able to adapt to a dynamic and challenging security environment.[1]

[1]For the purposes of this directive, the terms "intelligence community" and "elements of the intelligence community" shall have the same meaning as they do in Executive Order 12333 of December 4, 1981, as amended (Executive Order 12333).

United States must preserve and continue to develop a robust and technologically advanced signals intelligence capability to protect our security and that of our partners and allies. Our signals intelligence capabilities must also be agile enough to enable us to focus on fleeting opportunities or emerging crises and to address not only the issues of today, but also the issues of tomorrow, which we may not be able to foresee.

Advanced technologies can increase risks, as well as opportunities, however, and we must consider these risks when deploying our signals intelligence capabilities. The IC conducts signals intelligence activities with care and precision to ensure that its collection, retention, use, and dissemination of signals intelligence account for these risks. In light of the evolving technological and geopolitical environment, we must continue to ensure that our signals intelligence policies and practices appropriately take into account our alliances and other partnerships; the leadership role that the United States plays in upholding democratic principles and universal human rights; the increased globalization of trade, investment, and information flows; our commitment to an open, interoperable and secure global Internet; and the legitimate privacy and civil liberties concerns of U.S. citizens and citizens of other nations.

Presidents have long directed the acquisition of foreign intelligence and counterintelligence[2] pursuant to their constitutional authority to conduct U.S. foreign relations and to fulfill their constitutional responsibilities as commander in chief and chief executive. They have also provided direction on the conduct of intelligence activities in furtherance of these authorities and responsibilities, as well as in execution of laws enacted by the Congress. Consistent with this historical practice, this directive articulates principles to guide why, whether, when, and how the United States conducts signals intelligence activities for authorized foreign intelligence and counterintelligence purposes.[3]

Signals intelligence collection shall be authorized and conducted consistent with the following principles:

(a) The collection of signals intelligence shall be authorized by statute or executive order, proclamation, or other presidential directive, and undertaken in

[2] For the purposes of this directive, the terms "foreign intelligence" and "counterintelligence" shall have the same meaning as they have in Executive Order 12333. Thus, "foreign intelligence" means "information relating to the capabilities, intentions, or activities of foreign governments or elements thereof, foreign organizations, foreign persons, or international terrorists," and "counterintelligence" means "information gathered and activities conducted to identify, deceive, exploit, disrupt, or protect against espionage, other intelligence activities, sabotage, or assassinations conducted for or on behalf of foreign powers, organizations, or persons, or their agents, or international terrorist organizations or activities." Executive Order 12333 further notes that "[i]ntelligence includes foreign intelligence and counterintelligence."

[3] Unless otherwise specified, this directive shall apply to signals intelligence activities conducted in order to collect communications or information about communications, except that it shall not apply to signals intelligence activities undertaken to test or develop signals intelligence capabilities. accordance with the Constitution and applicable statutes, executive orders, proclamations, and presidential directives.

(b) Privacy and civil liberties shall be integral considerations in the planning of U.S. signals intelligence activities. The United States shall not collect signals intelligence for the purpose of suppressing or burdening criticism or dissent, or for disadvantaging persons based on their ethnicity, race, gender, sexual orientation, or religion. Signals intelligence shall be collected exclusively where there is a foreign intelligence or counterintelligence purpose to support national and departmental missions and not for any other purposes.

(c) The collection of foreign private commercial information or trade secrets is authorized only to protect the national security of the United States or its partners and allies. It is not an authorized foreign intelligence or counterintelligence purpose to collect such information to afford a competitive advantage[4] to U.S. companies and U.S. business sectors commercially.

(d) Signals intelligence activities shall be as tailored as feasible. In determining whether to collect signals intelligence, the United States shall consider the availability of other information, including from diplomatic and public sources. Such appropriate and feasible alternatives to signals intelligence should be prioritized.

Sec. 2. Limitations on the Use of Signals Intelligence Collected in Bulk.

Locating new or emerging threats and other vital national security information is difficult, as such information is often hidden within the large and complex system of modern global communications. The United States must consequently collect signals intelligence in bulk in certain circumstances in order to identify these threats. Routine communications and communications of national security interest increasingly transit the same networks, however, and the collection of signals intelligence in bulk may consequently result in the collection of information about persons whose activities are not of foreign intelligence or counterintelligence value. The United States will therefore impose new limits on its use of signals intelligence collected in bulk. These limits are intended to protect the privacy and civil liberties of all persons, whatever their nationality and regardless of where they might reside.

In particular, when the United States collects nonpublicly available signals intelligence in bulk, it shall use that data

[4] Certain economic purposes, such as identifying trade or sanctions violations or government influence or direction, shall not constitute competitive advantage.

[5] The limitations contained in this section do not apply to signals intelligence data that is temporarily acquired to facilitate targeted collection. References to signals intelligence collected in "bulk" mean the authorized collection of large quantities of signals intelligence data which, due to technical or operational considerations, is acquired without the use of discriminants (e.g., specific identifiers, selection terms, etc.). only for the purposes of detecting and countering: (1) espionage and other threats and activities directed by foreign powers or their intelligence services against the United States and its interests; (2) threats to the United States and its interests from terrorism; (3) threats to the United States and its interests from the development, possession, proliferation, or use of weapons of mass destruction; (4) cybersecurity threats; (5) threats to U.S. or allied Armed Forces or other U.S or allied personnel; and (6) transnational criminal threats, including illicit finance and sanctions evasion related to the other purposes named in this section. In no event may signals intelligence collected in bulk be used for the purpose of suppressing or burdening criticism or dissent; disadvantaging persons based on their ethnicity, race, gender, sexual orientation, or religion; affording a competitive advantage to U.S. companies and U.S. business sectors commercially; or achieving any purpose other than those identified in this section.

The assistant to the president and national security advisor (APNSA), in consultation with the director of national intelligence (DNI), shall coordinate, on at least an annual basis, a review of the permissible uses of signals intelligence collected in bulk through the National Security Council Principals and Deputies Committee system identified in PPD-1 or any successor document. At the end of this review, I will be presented with recommended additions to or removals from the list of the permissible uses of signals intelligence collected in bulk.

The DNI shall maintain a list of the permissible uses of signals intelligence collected in bulk. This list shall be updated as necessary and made publicly available to the maximum extent feasible, consistent with the national security.

Sec. 3. Refining the Process for Collecting Signals Intelligence.

U.S. intelligence collection activities present the potential for national security damage if improperly disclosed. Signals intelligence collection raises special concerns, given the opportunities and risks created by the constantly evolving technological and geopolitical environment; the unique nature of such collection and the inherent concerns raised when signals intelligence can only be collected in bulk; and the risk of damage to our national security interests and our law enforcement, intelligence-sharing, and diplomatic relationships should our capabilities or activities be compromised. It is, therefore, essential that national security policymakers consider carefully the value of signals intelligence activities in light of the risks entailed in conducting these activities.

To enable this judgment, the heads of departments and agencies that participate in the policy processes for establishing signals intelligence priorities and requirements shall, on an annual basis, review any priorities or requirements identified by their departments or agencies and advise the DNI whether each should be maintained, with a copy of the advice provided to the APNSA.

Additionally, the classified Annex to this directive, which supplements the existing policy process for reviewing signals intelligence activities, affirms that determinations about whether and how to conduct signals intelligence activities must carefully evaluate the benefits to our national interests and the risks posed by those activities.6

All persons should be treated with dignity and respect, regardless of their nationality or wherever they might reside, and all persons have legitimate privacy interests in the handling of their personal information.[7] U.S. signals intelligence activities must, therefore, include appropriate safeguards for the personal information of all individuals, regardless of the nationality of the individual to whom the information pertains or where that individual resides.

8(a) Policies and Procedures. The DNI, in consultation with the attorney general, shall ensure that all elements of the IC establish policies and procedures that apply the following principles for safeguarding personal information collected from signals intelligence activities. To the maximum extent feasible consistent with the national security, these policies and procedures are to be applied equally to the personal information of all persons, regardless of nationality:

9 i. Minimization. The sharing of intelligence that contains personal information is necessary to protect our national security and advance our foreign policy interests, as it enables the United States to coordinate activities across our government. At the same time, however, by setting appropriate limits on such sharing, the United States takes legitimate privacy concerns into account and decreases the risks that personal information will be misused or mishandled. Relatedly, the significance to our national security of intelligence is not always apparent upon an initial review of information: Intelligence must be retained for a sufficient period of time for the IC to understand its relevance and use

6 Section 3 of this directive, and the directive's classified annex, do not apply to (1) signals intelligence activities undertaken by or for the Federal Bureau of Investigation in support of predicated investigations other than those conducted solely for purposes of acquiring foreign intelligence; or (2) signals intelligence activities undertaken in support of military operations in an area of active hostilities, covert action, or human intelligence operations.

[7] Departments and agencies shall apply the term "personal information" in a manner that is consistent for U.S. persons and non-U.S. persons. Accordingly, for the purposes of this directive, the term "personal information" shall cover the same types of information covered by "information concerning U.S. persons" under section 2.3 of Executive Order 12333.

[8] The collection, retention, and dissemination of information concerning "United States persons" is governed by multiple legal and policy requirements, such as those required by the Foreign Intelligence Surveillance Act and Executive Order 12333. For the purposes of this directive, the term "United States person" shall have the same meaning as it does in Executive Order 12333.

[9] The policies and procedures of affected elements of the IC shall also be consistent with any additional IC policies, standards, procedures, and guidance the DNI, in coordination with the Attorney General, the heads of IC elements, and the heads of any other departments containing such elements, may issue to implement these principles. This directive is not intended to alter the rules applicable to U.S. persons in Executive Order 12333, the Foreign Intelligence Surveillance Act, or other applicable law to meet our national security needs. However, long-term storage of personal information unnecessary to protect our national security is inefficient, unnecessary, and raises legitimate privacy concerns. Accordingly, IC elements shall establish policies and procedures reasonably designed to minimize the dissemination and retention of personal information collected from signals intelligence activities.

Dissemination: Personal information shall be disseminated only if the dissemination of comparable information concerning U.S. persons would be permitted under section 2.3 of Executive Order 12333.

Retention: Personal information shall be retained only if the retention of comparable information concerning U.S. persons would be permitted under section 2.3 of Executive Order 12333 and shall be subject to the same retention periods as applied to comparable information concerning U.S. persons. Information for which no such determination has been made shall not be retained for more than 5 years, unless the DNI expressly determines that continued retention is in the national security interests of the United States.

Additionally, within 180 days of the date of this directive, the DNI, in coordination with the attorney general, the heads of other elements of the IC, and the heads of departments and agencies containing other elements of the IC, shall prepare a report evaluating possible additional dissemination and retention safeguards for personal information collected through signals intelligence, consistent with technical capabilities and operational needs.

ii. Data Security and Access. When our national security and foreign policy needs require us to retain certain intelligence, it is vital that the United States take appropriate steps to ensure that any personal information contained within that intelligence is secure.

Accordingly, personal information shall be processed and stored under conditions that provide adequate protection and prevent access by unauthorized persons, consistent with the applicable safeguards for sensitive information contained in relevant executive orders, proclamations, presidential directives, IC directives, and associated policies. Access to such personal information shall be limited to authorized personnel with a need to know the information to perform their mission, consistent with the personnel security requirements of relevant executive orders, IC directives, and associated policies. Such personnel will be provided appropriate and adequate training in the principles set forth in this directive. These persons may access and use the information consistent with applicable laws and executive orders and the principles of this directive; personal information for which no determination has been made that it can be permissibly disseminated or retained under section 4(a)(i) of this directive shall be accessed only in order to make such determinations (or to conduct authorized administrative, security, and oversight functions).

iii. Data Quality. IC elements strive to provide national security policymakers with timely, accurate, and insightful intelligence, and inaccurate records and reporting can not only undermine our national security interests, but also can result in the collection or analysis of information relating to persons whose activities are not of foreign intelligence or counterintelligence value. Accordingly, personal information shall be included in intelligence products only as consistent with applicable IC standards for accuracy and objectivity, as set forth in relevant IC directives. Moreover, while IC elements should apply the IC Analytic Standards as a whole, particular care should be taken to apply standards relating to the quality and reliability of the information, consideration of alternative sources of information and interpretations of data, and objectivity in performing analysis.

iv. Oversight. The IC has long recognized that effective oversight is necessary to ensure that we are protecting our national security in a manner consistent with our interests and values. Accordingly, the policies and procedures of IC elements, and departments and agencies containing IC elements, shall include appropriate measures to facilitate oversight over the implementation of safeguards protecting personal information, to include periodic auditing against the standards required by this section.

The policies and procedures shall also recognize and facilitate the performance of oversight by the inspectors general of IC elements, and departments and agencies containing IC elements, and other relevant oversight entities, as appropriate and consistent with their responsibilities. When a significant compliance issue occurs involving personal information of any person, regardless of nationality, collected as a result of signals intelligence activities, the issue shall, in addition to any existing reporting requirements, be reported promptly to the DNI, who shall determine what, if any, corrective actions are necessary. If the issue involves a non-United States person, the DNI, in consultation with the Secretary of State and the head of the notifying department or agency, shall determine whether steps should be taken to notify the relevant foreign government, consistent with the protection of sources and methods and of U.S. personnel.

(b) Update and Publication. Within 1 year of the date of this directive, IC elements shall update or issue new policies and procedures as necessary to implement section 4 of this directive, in coordination with the DNI. To enhance public understanding of, and promote public trust in, the safeguards in place to protect personal information, these updated or newly issued policies and procedures shall be publicly released to the maximum extent possible, consistent with classification requirements.

(c) Privacy and Civil Liberties Policy Official. To help ensure that the legitimate privacy interests all people share related to the handling of their personal information are appropriately considered in light of the principles in this section, the APNSA, the Director of the Office of Management and Budget (OMB), and the Director of the Office of Science and Technology Policy (OSTP) shall identify one or more senior officials who will be responsible for working with the DNI, the attorney general, the heads of other elements of the IC, and the heads of departments and agencies containing other elements of the IC, as appropriate, as they develop the policies and procedures called for in this section.

(d) Coordinator for International Diplomacy. The Secretary of State shall identify a senior official within the Department of State to coordinate with the responsible departments and agencies the United States government's diplomatic and foreign policy efforts related to international information technology issues and to serve as a point of contact for foreign governments who wish to raise concerns regarding signals intelligence activities conducted by the United States.

Sec. 5. Reports.

(a) Within 180 days of the date of this directive, the DNI shall provide a status report that updates me on the progress of the IC's implementation of section 4 of this directive.

(b) The Privacy and Civil Liberties Oversight Board is encouraged to provide me with a report that assesses the implementation of any matters contained within this directive that fall within its mandate.

(c) Within 120 days of the date of this directive, the president's Intelligence Advisory Board shall provide me with a report identifying options for assessing the distinction between metadata and other types of information, and for replacing the "need to share" or "need to know" models for classified information sharing with a Work-Related Access model.

(d) Within 1 year of the date of this directive, the DNI, in coordination with the heads of relevant elements of the IC and OSTP, shall provide me with a report assessing the feasibility of creating software that would allow the IC more easily to conduct targeted information acquisition rather than bulk collection.

Sec. 6. General Provisions.

(a) Nothing in this directive shall be construed to prevent me from exercising my constitutional authority, including as commander in chief, chief executive, and in the conduct of foreign affairs, as well as my statutory authority. Consistent with this principle, a recipient of this directive may at any time recommend to me, through the APNSA, a change to the policies and procedures contained in this directive.

(b) Nothing in this directive shall be construed to impair or otherwise affect the authority or responsibility granted by law to a United States government department or agency, or the head thereof, or the functions of the Director of OMB relating to budgetary, administrative, or legislative proposals. This directive is intended to supplement existing processes or procedures for reviewing foreign intelligence or counterintelligence activities and should not be read to supersede such processes and procedures unless explicitly stated.

(c) This directive shall be implemented consistent with applicable U.S. law and subject to the availability of appropriations.

(d) This directive is not intended to, and does not, create any right or benefit, substantive or procedural, enforceable at law or in equity by any party against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person.

Cooney is an Online News Editor and the author of the Layer 8 blog, Network World's daily home for the not-just-networking news. He has been working with Network World since 1992. You can reach him at mcooney@nww.com.